Palo Alto Networks PAN-OS 3.1.10 / 4.x < 4.0.5 Multiple Command Injections

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by multiple command injection vulnerabilities.

Description :

The remote host is running a version of Palo Alto Networks PAN-OS
prior to 3.1.10 / 4.0.5. It is, therefore, affected by multiple
command injection vulnerabilities :

- A vulnerability exists that allows an authenticated user
to inject arbitrary shell commands via the CLI.
(CVE-2012-6591 / PAN-SA-2012-0002)

- A vulnerability exists that allows an unauthenticated
user to inject commands as root on the device.
(CVE-2012-6592 / PAN-SA-2012-0003)

Solution :

Upgrade to PAN-OS version 3.1.10 / 4.0.5 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false

Family: Palo Alto Local Security Checks

Nessus Plugin ID: 72818

Bugtraq ID: 62123

CVE ID: CVE-2012-6591
